Skip to content
Truto
Back
AI & Agents

Connect OneDrive to Claude: Browse Drives and Sync User Data

Learn how to connect OneDrive to Claude using a managed MCP server. Execute natural language queries to browse files, search drives, and automate data retrieval.

Uday Gajavalli Uday Gajavalli · · 10 min read
Connect OneDrive to Claude: Browse Drives and Sync User Data

If you need to give AI agents access to corporate file repositories, document search, or automated user provisioning, you need a Model Context Protocol (MCP) server. This server acts as the translation layer between Claude's JSON-RPC tool calls and the Microsoft Graph API. You can either build and maintain this infrastructure yourself, dealing with Graph's notorious authorization scopes and rate limits, or use a managed integration platform like Truto to dynamically generate a secure, authenticated MCP server URL. If your team uses ChatGPT, check out our guide on connecting OneDrive to ChatGPT or explore our broader architectural overview on connecting OneDrive to AI Agents.

Giving a Large Language Model (LLM) read and write access to a sprawl of enterprise files in OneDrive is an engineering challenge. You have to handle Microsoft's OAuth 2.0 token lifecycles, map massive nested JSON schemas to MCP tool definitions, and deal with highly specific file access patterns. Every time Microsoft updates an endpoint or deprecates a legacy path, you have to update your server code, redeploy, and test the integration.

This guide breaks down exactly how to use Truto to generate a secure, managed MCP server for OneDrive, connect it natively to Claude Desktop, and execute complex file management workflows using natural language.

The Engineering Reality of the OneDrive API

A custom MCP server is a self-hosted integration layer. While the open MCP standard provides a predictable way for models to discover tools, the reality of implementing it against Microsoft Graph (the underlying API for OneDrive) is painful. You are not just integrating "OneDrive" - you are integrating a massive, unified entity graph with specific design patterns, error formats, and architectural quirks.

If you decide to build a custom MCP server for OneDrive, you own the entire API lifecycle. Here are the specific challenges you will face when mapping Microsoft Graph to LLM tools:

The Drive and DriveItem Abstraction Microsoft Graph does not use simple file paths. Everything in OneDrive is abstracted into Drive and DriveItem resources. To access a file, an LLM cannot simply ask for /documents/q3-report.pdf. It must first identify the correct drive_id, then traverse the folder structure using list methods to find the specific item_id of the file. If you expose raw Microsoft Graph endpoints to Claude, the model will frequently hallucinate file paths or fail to chain the necessary Drive to DriveItem lookups. Truto abstracts the underlying proxy API definitions into clear, atomic tools with descriptive parameters, making it easier for the model to understand the necessary sequence of operations.

Pre-Authenticated Download URLs Retrieving the actual binary content of a file in OneDrive is uniquely complex. The API does not stream the file back directly in a standard GET response. Instead, requesting file content returns a 302 Found redirect with a pre-authenticated @microsoft.graph.downloadUrl in the Location header. This URL expires after a short period. LLMs cannot handle 302 redirects natively within a tool call. A custom MCP server must intercept the redirect, fetch the binary from the temporary URL, and encode it in a way the model can consume.

Complex Search Query Payloads The Microsoft Graph Search API is powerful but highly structured. It requires a deeply nested JSON body specifying entityTypes (like driveItem), contentSources, and specific queried fields. LLMs struggle to format this complex JSON payload from scratch without making syntax errors or hallucinating unsupported entity types. By mapping these endpoints to strictly validated JSON schemas, Truto ensures the model always passes the correct payload structure.

Aggressive Throttling and Rate Limits Microsoft Graph is heavily throttled based on the tenant, the app, and the user. When you hit a limit, Microsoft returns an HTTP 429 status code. It is critical to understand that Truto does not retry, throttle, or apply exponential backoff on rate limit errors. When the upstream OneDrive API returns a 429, Truto passes that error directly to the caller.

However, Truto does normalize the varied upstream rate limit information into standardized HTTP headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) according to the IETF specification. This means your AI agent framework (like LangChain or Claude Desktop) receives a predictable signal and is completely responsible for implementing its own retry and backoff logic using the ratelimit-reset window.

How to Generate a OneDrive MCP Server with Truto

Truto dynamically generates MCP tools based on the existing documentation and schemas defined for the OneDrive integration. Tools are not hardcoded. When you create an MCP server, Truto cross-references the API endpoints you have configured with their documented schemas, ensuring only properly described tools are exposed to the LLM.

Each MCP server is scoped to a single integrated account (a connected instance of OneDrive for a specific user). You can generate the server URL in two ways: via the Truto UI or programmatically via the API.

Method 1: Generating via the Truto UI

For testing, internal workflows, or one-off agent deployments, the UI is the fastest path.

  1. Navigate to the Integrated Accounts section in your Truto dashboard.
  2. Select the connected OneDrive account you want to use.
  3. Click the MCP Servers tab.
  4. Click Create MCP Server.
  5. Select your desired configuration (name, allowed methods like read or write, and specific tool tags).
  6. Copy the generated MCP server URL. It will look like https://api.truto.one/mcp/a1b2c3d4....

Method 2: Generating via the API

For production usage, you will want to generate MCP servers programmatically when your users connect their OneDrive accounts.

Make an authenticated POST request to /integrated-account/:id/mcp:

const response = await fetch('https://api.truto.one/integrated-account/ACCOUNT_ID/mcp', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer YOUR_TRUTO_API_KEY',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({
    name: "Claude OneDrive Access",
    config: {
      methods: ["read", "write", "custom"],
      tags: ["documents", "users"]
    }
  })
});
 
const mcpServer = await response.json();
console.log(mcpServer.url); // The URL Claude will use

The returned url contains a cryptographically signed token that authenticates requests. This URL is completely self-contained. The client connecting to it does not need any additional API keys unless you explicitly configure the server to require them.

Connecting the MCP Server to Claude

Once you have the URL, you need to tell Claude how to communicate with it. Because Truto MCP servers use the standardized Server-Sent Events (SSE) transport over HTTP, they work natively with any MCP-compliant client.

Method 1: Via the Claude or ChatGPT UI

If you are using the consumer-facing versions of these models, you can add the connector directly in the interface.

For Claude:

  1. Open Claude and navigate to Settings -> Integrations -> Add MCP Server.
  2. Paste the Truto MCP URL.
  3. Click Add. Claude will immediately handshake with the server and list the available OneDrive tools.

For ChatGPT:

  1. Go to Settings -> Apps -> Advanced settings.
  2. Enable Developer mode.
  3. Under MCP servers, click Add new server.
  4. Name it (e.g., "OneDrive") and paste the Truto MCP URL.
  5. Save and return to your chat.

Method 2: Via Manual Configuration File

If you are using Claude Desktop or a custom agent framework, you can configure the connection via the JSON config file. Because Truto provides an SSE endpoint, you use the standard @modelcontextprotocol/server-sse package to proxy the connection.

Update your claude_desktop_config.json (located at ~/Library/Application Support/Claude/claude_desktop_config.json on macOS):

{
  "mcpServers": {
    "truto-onedrive": {
      "command": "npx",
      "args": [
        "-y",
        "@modelcontextprotocol/server-sse",
        "https://api.truto.one/mcp/YOUR_GENERATED_TOKEN"
      ]
    }
  }
}

Restart Claude Desktop. The model will initialize the connection, fetch the tool schemas, and be ready to execute commands against OneDrive.

Hero Tools for OneDrive Automation

Truto translates Microsoft Graph endpoints into functional tools with automatically derived snake_case names and injected pagination cursors. Here are the highest-leverage tools available for OneDrive.

Search Drive Items (list_all_one_drive_search_drive_items)

Allows the model to search for specific files across the user's root drive using a text query. This is almost always the first tool the model should call when looking for a specific document.

"Search my OneDrive for any documents related to the 'Project Apollo' launch and give me their item IDs."

List All Drives (list_all_one_drive_drives)

Retrieves a list of all drives accessible to the authenticated user. In enterprise environments, a single user may have access to their personal OneDrive as well as several shared document libraries.

"List all the drives I currently have access to, and tell me who the owner of each drive is."

List Drive Items (list_all_one_drive_drive_items)

Navigates the folder structure. Requires a drive_id and an item_id (representing a folder). It returns the children of that folder, allowing the model to recursively browse directories.

"Look inside the folder with item ID '01ABCD...' and list the names and sizes of all the files inside it."

Get Drive Item Metadata (get_single_one_drive_drive_item_by_id)

Fetches deep metadata about a specific file, including creation dates, the user who last modified it, E-tags, and web URLs. Crucial for auditing or verifying file integrity.

"Get the metadata for the file with ID '01XYZA...'. I need to know exactly when it was last modified and by whom."

List Drive Item Permissions (list_all_one_drive_drive_item_permissions)

Exposes the sharing status of a specific file or folder. It returns exactly who has access, what their roles are (read, write), and whether the permission was granted directly or inherited from a parent folder.

"Check the permissions on the 'Q4 Financials' spreadsheet. Tell me exactly which users have write access to it."

Download Drive Item Content (one_drive_drive_items_download)

Retrieves the actual binary content of a file. Truto handles the underlying 302 redirects from Microsoft Graph, returning the file content directly to the caller. This allows Claude to actually read the contents of text files, CSVs, or specific documents.

"Download the contents of the file with ID '01LMNO...' and summarize the key action items listed in the document."

For the complete inventory of available OneDrive endpoints and their precise JSON schemas, visit the OneDrive integration page.

Workflows in Action

Once connected, Claude can orchestrate multi-step operations that would normally require manual clicks through the Microsoft 365 web interface. Here are real-world examples of persona-specific workflows.

IT Security: Auditing Exposed Documents

Security teams frequently need to hunt down sensitive documents that have been shared too broadly across an organization.

"Search my OneDrive for any files containing the phrase 'API Keys'. For any file you find, check the permissions and tell me if anyone outside my immediate team has access."

  1. Claude calls list_all_one_drive_search_drive_items with the query q: "API Keys".
  2. The server returns a list of matching DriveItems and their IDs.
  3. For each ID, Claude iterates and calls list_all_one_drive_drive_item_permissions.
  4. Claude analyzes the returned permission objects, looking for grantedTo users or public link details.
  5. The model outputs a clean summary identifying which files are exposed and who can see them.

Sales Operations: Extracting Context from Contracts

Sales teams store massive amounts of unstructured data in OneDrive. AI can act as a direct retrieval interface for this data.

"Find the 'Acme Corp Master Services Agreement' in my drive. Download it and tell me what the specified termination notice period is."

  1. Claude calls list_all_one_drive_search_drive_items with the query q: "Acme Corp Master Services Agreement".
  2. Identifying the correct item ID, Claude calls one_drive_drive_items_download passing the ID.
  3. The MCP server handles the Microsoft Graph authentication and temporary download URL, returning the document text.
  4. Claude reads the content, locates the termination clause, and answers the user's prompt directly.

HR/Admin: User Directory Syncing

Administrators often need to cross-reference organizational structures with OneDrive provisioning.

"List all users in the system. For the user 'Jane Doe', find her primary drive ID and tell me how much storage quota she has remaining."

  1. Claude calls list_all_one_drive_users to retrieve the directory.
  2. It locates Jane Doe's userPrincipalName or id.
  3. Claude calls list_all_one_drive_drives passing Jane's user ID as a query parameter.
  4. Once the primary drive ID is returned, Claude calls get_single_one_drive_drive_by_id to retrieve the quota object (containing remaining, used, and total bytes).
  5. Claude formats the storage data into a readable response.

Security and Access Control

Giving an LLM access to corporate OneDrive instances requires strict boundary setting. Truto provides four distinct configuration layers to lock down MCP servers at generation time:

  • Method Filtering (methods): Restrict the server to specific operation types. Setting methods: ["read"] ensures the LLM can only execute get and list operations, physically preventing it from creating, updating, or deleting files in OneDrive.
  • Tag Filtering (tags): Scope access to specific functional areas. If you configure a server with tags: ["directory"], the MCP server will only expose tools related to listing users, completely omitting file search or download tools.
  • Secondary Authentication (require_api_token_auth): By default, possessing the MCP URL grants access. Setting this flag to true requires the connecting client to also send a valid Truto API token in the Authorization header, adding a strict identity check before any tool executes.
  • Automatic Expiration (expires_at): For automated workflows or temporary contractor access, pass an ISO datetime string. The MCP server token and its associated KV records will be automatically destroyed when the alarm fires, leaving no stale credentials behind.

The Better Way to Build AI Agents

Writing custom API wrappers for Microsoft Graph is a poor use of engineering time. Dealing with DriveItem hierarchies, handling @odata.nextLink pagination, and managing 302 download redirects requires constant maintenance.

By generating an MCP server through Truto, you abstract away the REST boilerplate. You get normalized pagination, strict JSON schema validation, standardized rate-limit headers for your agent's retry logic, and zero-maintenance authentication. Your agents get immediate, reliable access to the files they need to do their jobs.

FAQ

Does the Truto MCP server automatically retry requests when OneDrive rate limits are hit?
No. Truto does not retry, throttle, or apply backoff logic. When Microsoft Graph returns a 429 Too Many Requests error, Truto passes that error directly to the caller. However, Truto normalizes the upstream rate limit data into standard headers (ratelimit-limit, ratelimit-remaining, ratelimit-reset) so your AI agent framework can cleanly handle its own retry logic.
How does the MCP server handle downloading files from OneDrive?
Microsoft Graph typically returns a 302 redirect or a temporary @microsoft.graph.downloadUrl for file contents. Truto handles this redirect process natively under the hood when using the download tool, returning the actual file content to the LLM so it doesn't have to navigate HTTP redirects itself.
Can I restrict the Claude agent to only read files and not modify them?
Yes. When generating the MCP server URL via the API or Truto UI, you can apply a method filter (e.g., methods: ["read"]). This ensures only GET and LIST tools are exposed to the model, completely preventing it from executing writes or deletes.

More from our Blog